FreeRADIUS has a heap exploit in all versions before 0.9.3. It is possible for
an attacker to DoS the RADIUS server.
Solution: upgrade to 0.9.3
Steps to Reproduce:
Send a compromised RADIUS packet to the server. It needs to have a
Tunnel-Password attribute inside.
The server crashes.
The server should not crash.
See release notes on http://freeradius.org/
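The report names the trigger (a packet carrying a Tunnel-Password attribute) but not the cause, and the release notes it points to are not reproduced here. The following is an added example, not code from the bug report, from FreeRADIUS or from the ebuild: it assumes the crash belongs to the common class of unchecked attribute-length bugs and shows the validation a RADIUS attribute walker should perform before touching any value, alongside the unchecked arithmetic such bugs typically contain. The packets are constructed test data, and the rule that a Tunnel-Password value must hold a tag, a 2-octet salt and at least one 16-octet ciphertext block is this example's own policy (RFC 2868 pads the encrypted string to 16-octet multiples).

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define RADIUS_HDR_LEN 20          /* Code, Identifier, Length, Authenticator */
#define ATTR_TUNNEL_PASSWORD 69    /* RFC 2868 tagged string attribute */

enum rad_status { RAD_OK = 0, RAD_BAD_HEADER, RAD_BAD_ATTR_LEN, RAD_SHORT_TAGGED };

/* Unchecked arithmetic of the kind that turns a short attribute into a huge
 * copy length: for a length field of 3 the result wraps around in size_t.
 * Illustrative only; the page does not state that this is FreeRADIUS's bug. */
size_t naive_string_len(uint8_t attr_len)
{
    return (size_t)attr_len - 2 /* type+len */ - 1 /* tag */ - 2 /* salt */;
}

/* Walks the attribute list and validates every length field before any value
 * is used. On success returns RAD_OK and stores the attribute count in *count. */
enum rad_status rad_validate(const uint8_t *pkt, size_t pktlen, size_t *count)
{
    size_t n = 0, off;
    if (pktlen < RADIUS_HDR_LEN) return RAD_BAD_HEADER;
    size_t declared = ((size_t)pkt[2] << 8) | pkt[3];
    if (declared < RADIUS_HDR_LEN || declared > pktlen) return RAD_BAD_HEADER;

    for (off = RADIUS_HDR_LEN; off < declared; ) {
        if (declared - off < 2) return RAD_BAD_ATTR_LEN;      /* no room for type+length */
        uint8_t type = pkt[off], len = pkt[off + 1];
        if (len < 2 || len > declared - off) return RAD_BAD_ATTR_LEN; /* zero/overlong */
        size_t vlen = len - 2;
        if (type == ATTR_TUNNEL_PASSWORD && vlen < 1 + 2 + 16)
            return RAD_SHORT_TAGGED;                           /* tag + salt + one block */
        off += len;
        n++;
    }
    if (count) *count = n;
    return RAD_OK;
}

/* Builds a minimal Access-Request carrying one attribute. Constructed data. */
static size_t build_packet(uint8_t *buf, const uint8_t *attr, size_t attr_len)
{
    size_t total = RADIUS_HDR_LEN + attr_len;
    memset(buf, 0, total);
    buf[0] = 1;                          /* Access-Request */
    buf[1] = 0x42;                       /* Identifier */
    buf[2] = (uint8_t)(total >> 8);
    buf[3] = (uint8_t)(total & 0xff);    /* bytes 4..19: authenticator, zero here */
    memcpy(buf + RADIUS_HDR_LEN, attr, attr_len);
    return total;
}

/* Tunnel-Password with tag, salt and a full 16-octet block: accepted. */
enum rad_status check_wellformed(void)
{
    uint8_t attr[2 + 1 + 2 + 16] = { ATTR_TUNNEL_PASSWORD, 21, 0x01, 0xAB, 0xCD };
    uint8_t pkt[64];
    size_t n = build_packet(pkt, attr, sizeof attr);
    return rad_validate(pkt, n, NULL);
}

/* Tunnel-Password whose length field covers only the tag byte: rejected. */
enum rad_status check_truncated(void)
{
    uint8_t attr[3] = { ATTR_TUNNEL_PASSWORD, 3, 0x01 };
    uint8_t pkt[64];
    size_t n = build_packet(pkt, attr, sizeof attr);
    return rad_validate(pkt, n, NULL);
}

/* Length field of zero, which would otherwise make the walker loop forever. */
enum rad_status check_zero_length(void)
{
    uint8_t attr[2] = { ATTR_TUNNEL_PASSWORD, 0 };
    uint8_t pkt[64];
    size_t n = build_packet(pkt, attr, sizeof attr);
    return rad_validate(pkt, n, NULL);
}

int main(void)
{
    printf("well-formed: %d\n", check_wellformed());
    printf("truncated:   %d\n", check_truncated());
    printf("zero length: %d\n", check_zero_length());
    printf("naive length for attr_len=3: %zu\n", naive_string_len(3));
    return 0;
}
```

The important order is: bound the length field against the remaining bytes of the packet first, then apply per-attribute minimums for tagged attributes, and only then compute a value length for copying. A parser that does the subtraction first, as `naive_string_len` does, hands the wrapped value to memcpy and reads or writes far past the heap buffer.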
Created attachment 21018
New freeradius ebuild for fixed version 0.9.3
A version-bumped ebuild of the 0.9.0 ebuild I submitted some months ago.
This is version 0.9.3, which has the heap DoS exploit fixed.
The original release mail for version 0.9.3 is here:
This is ready for a GLSA now.
Rajiv: could you release a GLSA for this?
GLSA 200311-04 sent out.